Server 1.202.0 introduces auth.md support so AI agents can securely register with the Tuist server and obtain credentials on your behalf after you approve the connection.
- Agents can discover the server’s auth.md contract at the new `/auth.md` endpoint and follow WorkOS-compatible flows to create or claim a Tuist account for you.
- You approve an agent-initiated email registration through an OTP claim ceremony, after which the agent receives a user-scoped access token or API key.
- Agents can start anonymously and receive an immediate API key, then upgrade that registration to a claimed account later.
- For agents that support verified ID-JAG registration, the server validates the provider’s identity token against a trusted JWKS, prevents replay, and matches or provisions an existing user automatically.
- OpenAI is included in the default trusted provider list. Anthropic is not yet included in the default list because its public OIDC issuer and JWKS endpoint are not yet available.
- Self-hosted deployments can add extra trusted providers by setting `TUIST_AGENT_AUTH_TRUSTED_PROVIDERS_JSON` or configuring `agent_auth.trusted_providers`.
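
The checks named in the ID-JAG item above (signature against a trusted provider's key, then replay prevention) can be sketched as follows. This is an added example, not Tuist server code: the `AgentTokenVerifier` class, the `iss`/`aud`/`exp`/`jti` claim set, the RS256 algorithm, the issuer URLs and the demo key are all assumptions, and each provider's JWKS is taken as already parsed into `(n, e)` integers.

```python
import base64, hashlib, hmac, json
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

class AgentTokenVerifier:
    # Hypothetical verifier. trusted: issuer -> {kid: (n, e)}; seen: (iss, jti) -> exp
    def __init__(self, trusted, audience):
        self.trusted, self.audience, self.seen = trusted, audience, {}

    def verify(self, token, now):
        h64, p64, s64 = token.split(".")
        head, claims = json.loads(b64d(h64)), json.loads(b64d(p64))
        if head.get("alg") != "RS256":      # the token never picks the algorithm
            raise ValueError("unexpected alg")
        keys = self.trusted.get(claims.get("iss"))
        if keys is None or head.get("kid") not in keys:
            raise ValueError("untrusted issuer or key")
        n, e = keys[head["kid"]]
        sig, k = b64d(s64), (n.bit_length() + 7) // 8
        m = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        if len(sig) != k or not hmac.compare_digest(m, emsa(f"{h64}.{p64}".encode(), k)):
            raise ValueError("bad signature")
        if claims.get("aud") != self.audience or claims.get("exp", 0) <= now:
            raise ValueError("wrong audience or expired")
        # Expired tokens are already rejected, so their jti entries can be dropped.
        self.seen = {key: exp for key, exp in self.seen.items() if exp > now}
        key = (claims["iss"], claims.get("jti"))
        if key[1] is None or key in self.seen:
            raise ValueError("replayed or missing jti")
        self.seen[key] = claims["exp"]
        return claims

# Constructed demo key built from two Mersenne primes; for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign(claims, kid="demo-1"):
    """Demo-only signer standing in for the identity provider."""
    head = b64e(json.dumps({"alg": "RS256", "kid": kid}).encode())
    body = b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    s = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), k), "big"), D, N)
    return f"{head}.{body}.{b64e(s.to_bytes(k, 'big'))}"
```

The replay cache is keyed on issuer and `jti` together, so identical `jti` values from two different providers do not collide.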